F5F5:K08441753K08441753 : Multiple Intel Ethernet 700 Series Controllers vulnerabilities
8.8 High
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
AI Score
Confidence
High
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
33.1%
Security Advisory Description
Insufficient access control in firmware for Intelยฎ Ethernet 700 Series Controllers before version 7.0 may allow a privileged user to potentially enable an escalation of privilege, denial of service, or information disclosure via local access.
Buffer overflow in firmware for Intelยฎ Ethernet 700 Series Controllers before version 7.0 may allow an unauthenticated user to potentially enable an escalation of privilege via an adjacent access.
Insufficient access control in ilp60x64.sys driver for Intelยฎ Ethernet 700 Series Controllers before version 1.33.0.0 may allow a privileged user to potentially enable escalation of privilege via local access.
Unhandled exception in Kernel-mode drivers for Intelยฎ Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access.
Unhandled exception in firmware for Intelยฎ Ethernet 700 Series Controllers before version 7.0 may allow an authenticated user to potentially enable a denial of service via local access.
Buffer overflow in i40e driver for Intelยฎ Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable an escalation of privilege via local access.
Resource leak in i40e driver for Intelยฎ Ethernet 700 Series Controllers versions before 2.8.43 may allow an authenticated user to potentially enable a denial of service via local access.
Insufficient input validation in i40e driver for Intelยฎ Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access.
Resource leak in i40e driver for Intelยฎ Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access.
Insufficient input validation in i40e driver for Intelยฎ Ethernet 700 Series Controllers versions before 2.8.43 may allow an authenticated user to potentially enable a denial of service via local access.
Insufficient access control in firmware Intelยฎ Ethernet 700 Series Controllers versions before 7.0 may allow a privileged user to potentially enable a denial of service via local access.
Impact
There is no impact; F5 products are not affected by this vulnerability.
However, in cloud and Virtual Edition (VE) environments, preventing these attacks falls on the hypervisor/host platform, outside the scope of F5โs ability to support or patch. Please contact your cloud provider or hypervisor vendor to ensure their platforms or products are not subject to this vulnerability.
Related
8.8 High
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
AI Score
Confidence
High
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
33.1%